1#! /usr/bin/env perl 2# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the OpenSSL license (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9use strict; 10use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; 11use OpenSSL::Test::Utils; 12use File::Temp qw(tempfile); 13use TLSProxy::Proxy; 14use checkhandshake qw(checkhandshake @handmessages @extensions); 15 16my $test_name = "test_tls13kexmodes"; 17setup($test_name); 18 19plan skip_all => "TLSProxy isn't usable on $^O" 20 if $^O =~ /^(VMS)$/; 21 22plan skip_all => "$test_name needs the dynamic engine feature enabled" 23 if disabled("engine") || disabled("dynamic-engine"); 24 25plan skip_all => "$test_name needs the sock feature enabled" 26 if disabled("sock"); 27 28plan skip_all => "$test_name needs TLSv1.3 enabled" 29 if disabled("tls1_3"); 30 31$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; 32$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); 33 34 35@handmessages = ( 36 [TLSProxy::Message::MT_CLIENT_HELLO, 37 checkhandshake::ALL_HANDSHAKES], 38 [TLSProxy::Message::MT_SERVER_HELLO, 39 checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], 40 [TLSProxy::Message::MT_CLIENT_HELLO, 41 checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], 42 [TLSProxy::Message::MT_SERVER_HELLO, 43 checkhandshake::ALL_HANDSHAKES], 44 [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, 45 checkhandshake::ALL_HANDSHAKES], 46 [TLSProxy::Message::MT_CERTIFICATE_REQUEST, 47 checkhandshake::CLIENT_AUTH_HANDSHAKE], 48 [TLSProxy::Message::MT_CERTIFICATE, 49 checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], 50 [TLSProxy::Message::MT_CERTIFICATE_VERIFY, 51 checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], 52 [TLSProxy::Message::MT_FINISHED, 53 checkhandshake::ALL_HANDSHAKES], 54 [TLSProxy::Message::MT_CERTIFICATE, 55 checkhandshake::CLIENT_AUTH_HANDSHAKE], 56 [TLSProxy::Message::MT_CERTIFICATE_VERIFY, 57 checkhandshake::CLIENT_AUTH_HANDSHAKE], 58 [TLSProxy::Message::MT_FINISHED, 59 checkhandshake::ALL_HANDSHAKES], 60 [0, 0] 61); 62 63@extensions = ( 64 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, 65 TLSProxy::Message::CLIENT, 66 checkhandshake::SERVER_NAME_CLI_EXTENSION], 67 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, 68 TLSProxy::Message::CLIENT, 69 checkhandshake::STATUS_REQUEST_CLI_EXTENSION], 70 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, 71 TLSProxy::Message::CLIENT, 72 checkhandshake::DEFAULT_EXTENSIONS], 73 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, 74 TLSProxy::Message::CLIENT, 75 checkhandshake::DEFAULT_EXTENSIONS], 76 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, 77 TLSProxy::Message::CLIENT, 78 checkhandshake::DEFAULT_EXTENSIONS], 79 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, 80 TLSProxy::Message::CLIENT, 81 checkhandshake::ALPN_CLI_EXTENSION], 82 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, 83 TLSProxy::Message::CLIENT, 84 checkhandshake::SCT_CLI_EXTENSION], 85 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, 86 TLSProxy::Message::CLIENT, 87 checkhandshake::DEFAULT_EXTENSIONS], 88 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, 89 TLSProxy::Message::CLIENT, 90 checkhandshake::DEFAULT_EXTENSIONS], 91 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, 92 TLSProxy::Message::CLIENT, 93 checkhandshake::DEFAULT_EXTENSIONS], 94 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 95 TLSProxy::Message::CLIENT, 96 checkhandshake::DEFAULT_EXTENSIONS], 97 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 98 TLSProxy::Message::CLIENT, 99 checkhandshake::DEFAULT_EXTENSIONS], 100 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, 101 TLSProxy::Message::CLIENT, 102 checkhandshake::PSK_KEX_MODES_EXTENSION], 103 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, 104 TLSProxy::Message::CLIENT, 105 checkhandshake::PSK_CLI_EXTENSION], 106 107 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 108 TLSProxy::Message::SERVER, 109 checkhandshake::DEFAULT_EXTENSIONS], 110 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 111 TLSProxy::Message::SERVER, 112 checkhandshake::KEY_SHARE_HRR_EXTENSION], 113 114 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, 115 TLSProxy::Message::CLIENT, 116 checkhandshake::SERVER_NAME_CLI_EXTENSION], 117 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, 118 TLSProxy::Message::CLIENT, 119 checkhandshake::STATUS_REQUEST_CLI_EXTENSION], 120 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, 121 TLSProxy::Message::CLIENT, 122 checkhandshake::DEFAULT_EXTENSIONS], 123 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, 124 TLSProxy::Message::CLIENT, 125 checkhandshake::DEFAULT_EXTENSIONS], 126 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, 127 TLSProxy::Message::CLIENT, 128 checkhandshake::DEFAULT_EXTENSIONS], 129 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, 130 TLSProxy::Message::CLIENT, 131 checkhandshake::ALPN_CLI_EXTENSION], 132 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, 133 TLSProxy::Message::CLIENT, 134 checkhandshake::SCT_CLI_EXTENSION], 135 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, 136 TLSProxy::Message::CLIENT, 137 checkhandshake::DEFAULT_EXTENSIONS], 138 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, 139 TLSProxy::Message::CLIENT, 140 checkhandshake::DEFAULT_EXTENSIONS], 141 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, 142 TLSProxy::Message::CLIENT, 143 checkhandshake::DEFAULT_EXTENSIONS], 144 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 145 TLSProxy::Message::CLIENT, 146 checkhandshake::DEFAULT_EXTENSIONS], 147 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 148 TLSProxy::Message::CLIENT, 149 checkhandshake::DEFAULT_EXTENSIONS], 150 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, 151 TLSProxy::Message::CLIENT, 152 checkhandshake::PSK_KEX_MODES_EXTENSION], 153 [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, 154 TLSProxy::Message::CLIENT, 155 checkhandshake::PSK_CLI_EXTENSION], 156 157 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 158 TLSProxy::Message::SERVER, 159 checkhandshake::DEFAULT_EXTENSIONS], 160 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 161 TLSProxy::Message::SERVER, 162 checkhandshake::KEY_SHARE_SRV_EXTENSION], 163 [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, 164 TLSProxy::Message::SERVER, 165 checkhandshake::PSK_SRV_EXTENSION], 166 167 [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, 168 TLSProxy::Message::SERVER, 169 checkhandshake::STATUS_REQUEST_SRV_EXTENSION], 170 [0,0,0,0] 171); 172 173use constant { 174 DELETE_EXTENSION => 0, 175 EMPTY_EXTENSION => 1, 176 NON_DHE_KEX_MODE_ONLY => 2, 177 DHE_KEX_MODE_ONLY => 3, 178 UNKNOWN_KEX_MODES => 4, 179 BOTH_KEX_MODES => 5 180}; 181 182my $proxy = TLSProxy::Proxy->new( 183 undef, 184 cmdstr(app(["openssl"]), display => 1), 185 srctop_file("apps", "server.pem"), 186 (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) 187); 188 189#Test 1: First get a session 190(undef, my $session) = tempfile(); 191$proxy->clientflags("-sess_out ".$session); 192$proxy->serverflags("-servername localhost"); 193$proxy->sessionfile($session); 194$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; 195plan tests => 11; 196ok(TLSProxy::Message->success(), "Initial connection"); 197 198#Test 2: Attempt a resume with no kex modes extension. Should fail (server 199# MUST abort handshake with pre_shared key and no psk_kex_modes) 200$proxy->clear(); 201$proxy->clientflags("-sess_in ".$session); 202my $testtype = DELETE_EXTENSION; 203$proxy->filter(\&modify_kex_modes_filter); 204$proxy->start(); 205ok(TLSProxy::Message->fail(), "Resume with no kex modes"); 206 207#Test 3: Attempt a resume with empty kex modes extension. Should fail (empty 208# extension is invalid) 209$proxy->clear(); 210$proxy->clientflags("-sess_in ".$session); 211$testtype = EMPTY_EXTENSION; 212$proxy->start(); 213ok(TLSProxy::Message->fail(), "Resume with empty kex modes"); 214 215#Test 4: Attempt a resume with non-dhe kex mode only. Should resume without a 216# key_share 217$proxy->clear(); 218$proxy->clientflags("-allow_no_dhe_kex -sess_in ".$session); 219$proxy->serverflags("-allow_no_dhe_kex"); 220$testtype = NON_DHE_KEX_MODE_ONLY; 221$proxy->start(); 222checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 223 checkhandshake::DEFAULT_EXTENSIONS 224 | checkhandshake::PSK_KEX_MODES_EXTENSION 225 | checkhandshake::PSK_CLI_EXTENSION 226 | checkhandshake::PSK_SRV_EXTENSION, 227 "Resume with non-dhe kex mode"); 228 229#Test 5: Attempt a resume with dhe kex mode only. Should resume with a key_share 230$proxy->clear(); 231$proxy->clientflags("-sess_in ".$session); 232$testtype = DHE_KEX_MODE_ONLY; 233$proxy->start(); 234checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 235 checkhandshake::DEFAULT_EXTENSIONS 236 | checkhandshake::PSK_KEX_MODES_EXTENSION 237 | checkhandshake::KEY_SHARE_SRV_EXTENSION 238 | checkhandshake::PSK_CLI_EXTENSION 239 | checkhandshake::PSK_SRV_EXTENSION, 240 "Resume with non-dhe kex mode"); 241 242#Test 6: Attempt a resume with only unrecognised kex modes. Should not resume 243# but rather fall back to full handshake 244$proxy->clear(); 245$proxy->clientflags("-sess_in ".$session); 246$testtype = UNKNOWN_KEX_MODES; 247$proxy->start(); 248checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 249 checkhandshake::DEFAULT_EXTENSIONS 250 | checkhandshake::PSK_KEX_MODES_EXTENSION 251 | checkhandshake::KEY_SHARE_SRV_EXTENSION 252 | checkhandshake::PSK_CLI_EXTENSION, 253 "Resume with unrecognized kex mode"); 254 255#Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with 256# a key_share 257$proxy->clear(); 258$proxy->clientflags("-sess_in ".$session); 259$testtype = BOTH_KEX_MODES; 260$proxy->start(); 261checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 262 checkhandshake::DEFAULT_EXTENSIONS 263 | checkhandshake::PSK_KEX_MODES_EXTENSION 264 | checkhandshake::KEY_SHARE_SRV_EXTENSION 265 | checkhandshake::PSK_CLI_EXTENSION 266 | checkhandshake::PSK_SRV_EXTENSION, 267 "Resume with non-dhe kex mode"); 268 269#Test 8: Attempt a resume with both non-dhe and dhe kex mode, but unacceptable 270# initial key_share. Should resume with a key_share following an HRR 271$proxy->clear(); 272$proxy->clientflags("-sess_in ".$session); 273$proxy->serverflags("-curves P-256"); 274$testtype = BOTH_KEX_MODES; 275$proxy->start(); 276checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, 277 checkhandshake::DEFAULT_EXTENSIONS 278 | checkhandshake::PSK_KEX_MODES_EXTENSION 279 | checkhandshake::KEY_SHARE_SRV_EXTENSION 280 | checkhandshake::KEY_SHARE_HRR_EXTENSION 281 | checkhandshake::PSK_CLI_EXTENSION 282 | checkhandshake::PSK_SRV_EXTENSION, 283 "Resume with both kex modes and HRR"); 284 285#Test 9: Attempt a resume with dhe kex mode only and an unacceptable initial 286# key_share. Should resume with a key_share following an HRR 287$proxy->clear(); 288$proxy->clientflags("-sess_in ".$session); 289$proxy->serverflags("-curves P-256"); 290$testtype = DHE_KEX_MODE_ONLY; 291$proxy->start(); 292checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, 293 checkhandshake::DEFAULT_EXTENSIONS 294 | checkhandshake::PSK_KEX_MODES_EXTENSION 295 | checkhandshake::KEY_SHARE_SRV_EXTENSION 296 | checkhandshake::KEY_SHARE_HRR_EXTENSION 297 | checkhandshake::PSK_CLI_EXTENSION 298 | checkhandshake::PSK_SRV_EXTENSION, 299 "Resume with dhe kex mode and HRR"); 300 301#Test 10: Attempt a resume with both non-dhe and dhe kex mode, unacceptable 302# initial key_share and no overlapping groups. Should resume without a 303# key_share 304$proxy->clear(); 305$proxy->clientflags("-allow_no_dhe_kex -curves P-384 -sess_in ".$session); 306$proxy->serverflags("-allow_no_dhe_kex -curves P-256"); 307$testtype = BOTH_KEX_MODES; 308$proxy->start(); 309checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 310 checkhandshake::DEFAULT_EXTENSIONS 311 | checkhandshake::PSK_KEX_MODES_EXTENSION 312 | checkhandshake::PSK_CLI_EXTENSION 313 | checkhandshake::PSK_SRV_EXTENSION, 314 "Resume with both kex modes, no overlapping groups"); 315 316#Test 11: Attempt a resume with dhe kex mode only, unacceptable 317# initial key_share and no overlapping groups. Should fail 318$proxy->clear(); 319$proxy->clientflags("-curves P-384 -sess_in ".$session); 320$proxy->serverflags("-curves P-256"); 321$testtype = DHE_KEX_MODE_ONLY; 322$proxy->start(); 323ok(TLSProxy::Message->fail(), "Resume with dhe kex mode, no overlapping groups"); 324 325unlink $session; 326 327sub modify_kex_modes_filter 328{ 329 my $proxy = shift; 330 331 # We're only interested in the initial ClientHello 332 return if ($proxy->flight != 0); 333 334 foreach my $message (@{$proxy->message_list}) { 335 if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { 336 my $ext; 337 338 if ($testtype == EMPTY_EXTENSION) { 339 $ext = pack "C", 340 0x00; #List length 341 } elsif ($testtype == NON_DHE_KEX_MODE_ONLY) { 342 $ext = pack "C2", 343 0x01, #List length 344 0x00; #psk_ke 345 } elsif ($testtype == DHE_KEX_MODE_ONLY) { 346 $ext = pack "C2", 347 0x01, #List length 348 0x01; #psk_dhe_ke 349 } elsif ($testtype == UNKNOWN_KEX_MODES) { 350 $ext = pack "C3", 351 0x02, #List length 352 0xfe, #unknown 353 0xff; #unknown 354 } elsif ($testtype == BOTH_KEX_MODES) { 355 #We deliberately list psk_ke first...should still use psk_dhe_ke 356 $ext = pack "C3", 357 0x02, #List length 358 0x00, #psk_ke 359 0x01; #psk_dhe_ke 360 } 361 362 if ($testtype == DELETE_EXTENSION) { 363 $message->delete_extension( 364 TLSProxy::Message::EXT_PSK_KEX_MODES); 365 } else { 366 $message->set_extension( 367 TLSProxy::Message::EXT_PSK_KEX_MODES, $ext); 368 } 369 370 $message->repack(); 371 } 372 } 373} 374